PT-2025-52367 · Vega+1 · Vega+1

Ismisepaul +1 · Published 2025-12-18 · Updated 2026-02-24 · CVE-2025-68385

CVSS v3.1

7.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Vega (affected versions not specified)

Description

An issue exists where improper input neutralization during web page generation allows an authenticated user to embed a malicious script in content served to web browsers. This results in cross-site scripting (XSS) via a method in Vega, bypassing a previous XSS mitigation. The issue allows for browser-side script execution and potential data theft through Vega charts.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BIT-ELK-2025-68385
BIT-KIBANA-2025-68385
CVE-2025-68385

Affected Products

Red Os
Vega